From 111c0f374ae8f9c4d2183fb9e826d7084c85488f Mon Sep 17 00:00:00 2001 From: David Tardon Date: Fri, 31 Jul 2015 17:58:29 +0200 Subject: [PATCH] rhbz#1248443 unbounded heap allocation --- src/lib/RVNGOLEStream.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib/RVNGOLEStream.cpp b/src/lib/RVNGOLEStream.cpp index 89055f7..c75b135 100644 --- a/src/lib/RVNGOLEStream.cpp +++ b/src/lib/RVNGOLEStream.cpp @@ -755,6 +755,8 @@ bool librevenge::Header::valid(const unsigned long fileSize) if (m_threshold != 4096) return false; // there must be at least the header, one bat sector and one dirent sector in the file if ((fileSize / m_size_bbat) < 3) return false; + // sectors must fit into the file + if ((fileSize / m_size_bbat) < m_num_mbat) return false; if (m_num_bat == 0) return false; if ((m_num_bat > 109) && (m_num_bat > (m_num_mbat * (m_size_bbat/4-1)) + 109)) return false; if ((m_num_bat < 109) && (m_num_mbat != 0)) return false; -- 2.1.0